Bucket list access with a bucket policy from the CLI

In this section, we will see how to add a bucket policy from the CLI:

  1. If you are following along from the previous section, remove the bucket policy that was added. Verify that you do not have access to list the bucket or get the object from the browser.
  2. Create a bucket policy to allow our test user to access it and save it as bucket-policy-allow-test-user.json:
     {
       "Id": "Policy1560416549842",
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "ListAllBuckets",
           "Action": [
             "s3:ListBucket"
           ],
           "Effect": "Allow",
           "Resource": "arn:aws:s3:::awsseccookbook",
           "Principal": {
             "AWS": "arn:aws:iam::135301570106:user/testuser"
           }
         }
       ]
     }

The Condition element is optional and is not used in this policy.

  3. Attach the policy to the bucket:
     aws s3api put-bucket-policy \
       --bucket awsseccookbook \
       --policy file://resources/bucket-policy-allow-test-user.json \
       --profile awssecadmin
  4. List the contents of the bucket using the testuser user from the command line, as shown in the following screenshot:

Now that you have seen how to create policies from the console and the CLI, practice more scenarios with each of the available actions and conditions.
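
The following is an added example, not code from the book: a small review of a bucket policy before it is attached with put-bucket-policy, checking for wildcard principals and for actions paired with the wrong resource level (s3:ListBucket acts on the bucket ARN, s3:GetObject on object ARNs). The helper names and the short action lists are assumptions made for this illustration.

```python
import json

# Policy from step 2, embedded so the check runs offline.
PAGE_POLICY = json.loads("""{
  "Id": "Policy1560416549842", "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ListAllBuckets", "Effect": "Allow",
    "Action": ["s3:ListBucket"],
    "Resource": "arn:aws:s3:::awsseccookbook",
    "Principal": {"AWS": "arn:aws:iam::135301570106:user/testuser"}
  }]
}""")

# Constructed subset of S3 actions, grouped by the resource type they act on.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketPolicy", "s3:PutBucketPolicy"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def as_list(value):
    """Policy elements may be a single value or a list of values."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def review_bucket_policy(policy):
    """Return findings for the Allow statements of a bucket policy (hypothetical helper)."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else [
            p for v in principal.values() for p in as_list(v)]
        if "*" in principals:
            findings.append(f"{sid}: Allow applies to any principal")
        # Part after ':::' is 'bucket' or 'bucket/key'; '*' also matches '/'.
        keys = [r.split(":::", 1)[-1] for r in as_list(stmt.get("Resource", []))]
        has_bucket = any("/" not in k for k in keys)
        has_object = any("/" in k or "*" in k for k in keys)
        for action in as_list(stmt.get("Action", [])):
            if action in BUCKET_ACTIONS and not has_bucket:
                findings.append(f"{sid}: {action} needs the bucket ARN")
            if action in OBJECT_ACTIONS and not has_object:
                findings.append(f"{sid}: {action} needs an object ARN (bucket/*)")
    return findings


if __name__ == "__main__":
    print(review_bucket_policy(PAGE_POLICY) or "no findings")
```

The policy from step 2 produces no findings: it names a single IAM user and grants only s3:ListBucket on the bucket ARN, so testuser can list the bucket but is not granted s3:GetObject by this policy.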
